DEBIAN-CVE-2021-47196

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Set send and receive CQ before forwarding to the driver Preset both receive and send CQ pointers prior to call to the drivers and overwrite it later again till the mlx4 is going to be changed do not overwrite ibqp...

SUSE CVE-2021-47078

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxeqpdocleanup relies on valid pointer values in QP for the properly created ones, but in case rxeqpfrominit failed it was filled with garbage and caused tot the following error...

DEBIAN-CVE-2021-47078

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxeqpdocleanup relies on valid pointer values in QP for the properly created ones, but in case rxeqpfrominit failed it was filled with garbage and caused tot the following error...

UBUNTU-CVE-2021-47078

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxeqpdocleanup relies on valid pointer values in QP for the properly created ones, but in case rxeqpfrominit failed it was filled with garbage and caused tot the following error...

SUSE CVE-2021-46964

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Reserve extra IRQ vectors Commit a6dcfe08487e "scsi: qla2xxx: Limit interrupt vectors to number of CPUs" lowers the number of allocated MSI-X vectors to the number of CPUs. That breaks vector allocation assumptions...

UBUNTU-CVE-2021-46983

In the Linux kernel, the following vulnerability has been resolved: nvmet-rdma: Fix NULL deref when SEND is completed with error When running some traffic and taking down the link on peer, a retry counter exceeded error is received. This leads to nvmetrdmaerrorcomp which tried accessing the...

CVE-2021-46964 scsi: qla2xxx: Reserve extra IRQ vectors

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Reserve extra IRQ vectors Commit a6dcfe08487e "scsi: qla2xxx: Limit interrupt vectors to number of CPUs" lowers the number of allocated MSI-X vectors to the number of CPUs. That breaks vector allocation assumptions...

kernel: RDMA/rxe: Fix "kernel NULL pointer dereference" error

A NULL pointer dereference vulnerability was found in the RXE Soft-RoCE RDMA driver in the Linux kernel. When rxequeueinit fails during queue pair initialization in rxeqpinitreq, the task function and argument pointers qp-req.task.func and qp-req.task.arg remain uninitialized. The cleanup functio...

kernel: RDMA/rxe: Fix "kernel NULL pointer dereference" error

A NULL pointer dereference vulnerability was found in the RXE Soft-RoCE RDMA driver in the Linux kernel. When rxequeueinit fails during queue pair initialization in rxeqpinitreq, the task function and argument pointers qp-req.task.func and qp-req.task.arg remain uninitialized. The cleanup functio...

kernel: RDMA/rxe: Fix error unwind in rxe_create_qp()

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxecreateqp In the function rxecreateqp, rxeqpfrominit is called to initialize qp, internally things like the spin locks are not setup until rxeqpinitreq. If an error occures before this point then t...

kernel: RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup

A flaw was found in the rdmarxe module in the Linux kernel. A NULL pointer dereference can be triggered when an error occurs due to an improper check, resulting in a denial of service...

kernel: nvme-rdma: destroy cm id before destroy qp to avoid use after free

A vulnerability was found in the Linux kernel's nvme-rdma driver where the driver failed to destroy a component cmid before another component qp was destroyed. This issue occurs when the kernel incorrectly manages memory during RDMA, leading to a potential use-after-free...

kernel: nvme-rdma: destroy cm id before destroy qp to avoid use after free

A vulnerability was found in the Linux kernel's nvme-rdma driver where the driver failed to destroy a component cmid before another component qp was destroyed. This issue occurs when the kernel incorrectly manages memory during RDMA, leading to a potential use-after-free...

PT-2021-8170 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel version 5.15.0 Description: The vulnerability is related to a use-after-free error in the create qp function. This issue can be exploited to potentially elevate privileges in the system. The error occurs when the create qp functi...

PT-2024-11155 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.0-syzkaller Description: The issue is related to the RDMA/rxe component of the Linux kernel. Specifically, the rxe qp do cleanup function relies on valid pointer values in the QP Queue Pair for properly...

dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

The vulnerability in the `hw/rdma/vmw/pvrdma_cmd.c` component of the PVRDMA virtual network adapter driver allows a hacker to trigger a service failure.

The vulnerability in the hw/rdma/vmw/pvrdmacmd.c component of the PVRDMA virtual network adapter’s hardware emulation software, QEMU, is related to pointer assignment errors. Exploiting this vulnerability could allow a remote attacker to cause a service failure by creating CQ/QP objects...

The vulnerability of the `create_cq` and `create_qp` functions in the PVRDMA virtual network adapter emulator for hardware infrastructure emulation software QEMU allows a hacker to induce a service failure.

The vulnerability of the createcq and createqp functions in the PVRDMA virtual network adapter emulator for hardware support in QEMU is related to deficiencies in resource release after the expiration of its useful lifespan. Exploiting this vulnerability can allow an attacker to cause a service...

dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...